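; Settings for the ldap_auth handlers: the _session endpoint, the authentication
; chain, and the LDAP lookup parameters.

[httpd_global_handlers]
_session = {ldap_auth, handle_session_req}

[httpd]
; Only handle_admin_role is listed here; the handlers it consults are set by
; AuthenticationHandlers in [ldap_auth].
authentication_handlers = {ldap_auth, handle_admin_role}

[ldap_auth]
; NOTE: for all of the following configurations, if the key is suffixed with "DN", ldap_auth
; will expect you to provide a real LDAP Distinguished Name.

; If you use handle_admin_role to assign your system admins, specify the authentication handlers it should
; query here. See SystemAdminRoleName for more details.
AuthenticationHandlers = {couch_httpd_auth, cookie_authentication_handler}, {ldap_auth, handle_basic_auth_req}

; Enable SSL to the LDAP server.
; NOTE(review): with this set to false, traffic to the LDAP servers (presumably including
; SearchUserPassword and the passwords of users who authenticate) is not encrypted.
; Set it to true wherever the directory supports it; confirm certificate validation
; behaviour against the ldap_auth documentation.
UseSsl = false

; The LDAP servers to use for searches and authentication, separated by commas. These will be tried in-order.
LdapServers = first.ldap.example.com, second.ldap.example.com, third.ldap.example.com

; The DN to narrow the scope of searches for users and groups.
BaseDN = DC=example,DC=com

; ldap_auth will use this user DN and password to search for users trying to authenticate.
; If you have anonymous LDAP queries enabled (not recommended) you may simply provide the
; `anon` CN and a blank password.
; The password is stored in this file as plain text: replace the placeholder, restrict
; read access on the file to the account that runs the database, and give the search
; account read-only rights limited to what the user and group lookups need.
SearchUserDN = CN=ldapsearch,CN=Users,DC=example,DC=com
SearchUserPassword = ldapsearch_password_here

; On ActiveDirectory, you might choose from:
; - sAMAccountName, e.g. jsmith
; - userPrincipalName, e.g. jsmith@example.com
; NOTE: if you use userPrincipalName, be sure to URL-encode the username when using basic auth.
; e.g. http://jsmith%40example.com:password@example.com:5984
; Basic auth over plain http sends the password unencrypted, and credentials placed in a
; URL tend to end up in shell history and logs; prefer an HTTPS listener and a client
; that sends the Authorization header itself.
UserDNMapAttr = sAMAccountName

; The LDAP attribute of the group to use as the role name.
GroupDNMapAttr = name

; The role to grant system administrative privileges to.
; If you include {ldap_auth, handle_admin_role} in your authentication_handlers, it will
; grant the system admin role to anyone who has this role assigned. BE CAREFUL.
; Role names come from the GroupDNMapAttr value of a user's groups, so presumably any
; group under BaseDN whose attribute value equals this name confers admin. Pick a
; distinctive group name, limit who can create groups or edit membership in the
; directory, and audit that group's members.
SystemAdminRoleName = admin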